Upstream information
Description
FreeBSD 4.1.1 and earlier, and possibly other BSD-based OSes, uses an insufficient random number generator to generate initial TCP sequence numbers (ISN), which allows remote attackers to spoof TCP connections.SUSE information
Overall state of this security issue: Does not affect SUSE products
This issue is currently rated as having important severity.
| CVSS detail | National Vulnerability Database |
|---|---|
| Base Score | 7.5 |
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| Access Vector | Network |
| Access Complexity | Low |
| Authentication | None |
| Confidentiality Impact | Partial |
| Integrity Impact | Partial |
| Availability Impact | Partial |
Note from the SUSE Security Team
This is a BSD operating system specific issue and does not affect Linux. Please also see CVE-1999-0077. No SUSE Bugzilla entries cross referenced. No SUSE Security Announcements cross referenced.SUSE Timeline for this CVE
CVE page created: Thu Jun 27 23:45:39 2013CVE page last modified: Mon Oct 6 18:14:31 2025